
A9. Access Control

  • Is physical and logical user access to audit logs restricted to authorized personnel?
  • Do you require a periodic authorization and validation (e.g. at least annually) of the entitlements for all system users and administrators (exclusive of users maintained by your tenants), based on the rule of least privilege?
  • Are controls in place to prevent unauthorized access to tenant application, program, or object source code, and assure it is restricted to authorized personnel only?
  • Do you have controls in place ensuring timely removal of systems access that is no longer required for business purposes?
  • Do you have a written policy for handling user changes (joiners, movers, leavers)?
  • Are you disabling access rights immediately after the end of employment?
  • Do you have a written password management policy?
  • Do you allow remote access?
  • Do you use generic accounts to access the servers and applications for administrative purposes?
  • Do you allow multiple employees to use the same login?
  • Is access role based depending on the employee's function?
  • Do you monitor and review access attempts?
  • Have factory default account details been changed?
  • Do you have an identity and access management policy in place?
Copyright © DESelect bv. All rights reserved.